Perennial Favorites

Article Categories

Monday, January 28, 2013

January 28 is the date set aside annually as Data Privacy Day. The official Data Privacy Day theme is: Respecting Privacy, Safeguarding DataandEnabling Trust.

Let us take a closer look at why we would want to safeguard our data and steps we can all take for keeping our data safe.

Data

What information do you store on your computer?

Home computers have rapidly become the storage place not only for personal correspondence but also for financial data, including bank records and government tax return forms. This information in the wrong hands can, and does, result in identity theft.

What information do you share on social network sites?

Facebook is one of the largest social network sites where people connect with not only friends and family but also acquaintances. These acquaintances may be people they "met" at other sites, forums or through friends and family. However, they are only known virtually.

Not only is the information you share on sites like Facebook data, so is your home town, where you went to school, when you graduated, your birth date, address and telephone number as well as names and birth dates of family members. If this information is public, it is the very information that identity thieves can use.

What about your smart phone? Do you check in at every location as you go about your daily travels and share it on Twitter or Facebook? Do you announce and document business or family trips?

Information stored on your computer or shared on social networking sites includes data that needs to be safeguarded to protect your privacy.

Safeguarding Data

The message about having an up-to-date antivirus software and firewall has been well received by home computer users. When helping with malware removal, it is has been a very long time since I have seen a computer without antivirus software and a firewall. Computer users are also getting much more conscientious about installing security updates and keeping third-party software updated.

This is all good news, but malware writers are very clever and manage to find a way to infect computers. In addition to the standard antivirus, firewall, updating what else can you do to safeguard your data?

In addition to keeping your computer and software programs updated, following are a some general suggestions for protecting the data on your computer:

Protect your wireless router with a password.

Don't open e-mail, instant message or Facebook attachments you are not expecting.

Do not click anywhere on a pop-up or warning from a program you did not install. Use the keyboard shortcut Alt + F4 to close the window.

Pay close attention when installing software. Do not blindly click through the screens or you may end up with more than you expected.

Whenever possible, only download software programs from the vendor site. Keep in mind that free is not always free.

Always scan any file you download from the Internet.

Have a back-up plan in place, particularly for documents, pictures and other files that cannot be replaced.

Use a complex password, not a "dictionary word" or family name.

What about safeguarding the data you share on social networking sites like Facebook?

Facebook makes it easy to connect and share information with friends and family. However, it is critical to ensure that you are not openly sharing personal information that could make you a target of identity theft.

See this excellent guide by Sophos, Facebook Security Best Practice, which not only covers information and setting recommendations but also explains the reasoning for the recommendations.

Another resource that is helpful for Facebook users is Facecrooks, a source for not only privacy information but also the latest hoaxes that regularly circulate on Facebook.

A few easy steps will keep both the data on your computer as well as the information you share both secure and private.

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...

Monday, January 14, 2013

The update is to address an issue that affects Internet Explorer versions 6, 7 and 8. Internet Explorer versions 9 and 10 are not affected.

This update is critical if you have Internet Explorer versions 6, 7 or 8 installed on your computer. Windows XP users of IE6 or IE7 should update to IE8 as soon as possible. Windows Vista and Windows 7 users should be using IE9.

Note: The Advance Notice for this update to Internet Explorer versions 6-8 indicated if the Microsoft Fix it was applied, it was not necessary to uninstall it prior to updating IE.

The advice provided now is to disable the Fix it after updating as it is no longer required.

Sunday, January 13, 2013

On Monday, January 14, 2013, Microsoft is planning to release an out-of-band critical security update for the issue described in Security Advisory 2794220.

The update is to address an issue that affects Internet Explorer versions 6, 7 and 8. Internet Explorer versions 9 and 10 are not affected.

Although Microsoft has seen only a limited number of customers affected by the issue, the potential exists that more could be affected. Thus, it is advised that the update be installed as soon as possible.

Even with the update, if your operating system is Windows Vista or Windows 7, update to Internet Explorer 9. For Windows XP, your system will be more secure if you update to Internet Explorer 8.

If you applied the Fix it released in Security Advisory 2794220, it will not need to be uninstalled before applying the security update.

The advice of the U.S. Department of Homeland Security, US-CERT, security software vendors and others advising that Java be uninstalled appears to have spurred the early release of an out-of-band security update for Java SE.

Ahead of the Critical Patch Update Pre-Release Announcement which had the update scheduled for Tuesday, January 15, 2013, the update for Java version 7 update 11 has been released.

Edit Note: Additional vulnerabilities have been found in the latest Java update, which did little other than adjust the settings to the Java Control Panel. See Java, The Never-Ending Saga for additional information on removing or disabling Java.

If you uninstalled Java, consider that you really may not need it on your computer. On the other hand, if there are programs you use or websites that you visit that require Java, it is strongly advised that the update be applied as soon as possible.

Java Security Recommendations

1) In the Java Control Panel, set the security to high.
2) Keep Java disabled until needed. Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Thursday, January 10, 2013

Once again there are reports of a Java zero-day vulnerability being actively exploited in the wild. All versions of Java are impacted, including the most recent release, JRE 7, Update 10.

With any version of Java installed on your computer, visiting a malicious link can result in a serious malware infection. Significantly, the exploit is not operating system and, although currently targeting Windows systems, can also run the same code on Mac OS X or Linux.

Edit Note: The recent Java update 11 did little other than adjust the settings to
the Java Control Panel. Additional vulnerabilities have been found in that
latest Java update. See Java, The Never-Ending Saga for additional information on removing or disabling Java.

Recommendations

1. Uninstall Java.

First and foremost, most home computer users do not need Java installed on their computer. In the past, Java was needed for websites
to be properly displayed. However, that is generally not the case now. I uninstalled Java several years ago and have not had a need for it.

To remove Java, navigate to Control Panel\All Control Panel Items\Programs and Features (Add/Remove Programs on Windows XP). Select for removal all instances of Java, including:

Confirm that the folders shown below have also been removed. If not, delete the folders manually.

C:\Program Files\Java C:\Users\%UserName%\AppData\LocalLow\Sun

2. Disable Java

The update to Java JDK 7u10 includes the option to disable Java in the browser. Thus, if you have a business need to use Java, play online games or use OpenOffice, disable Java. All you need to do is uncheck the box "Enable Java content in the browser" in the Java Control Panel.

In the event Java is needed for software installed on your computer,
there should be a prompt for it. In that situation, launch the Java Control Panel and re-check the option to enable Java. Then, remove the check again when finished.

Tuesday, January 08, 2013

Adobe Flash Player was updated to address critical security vulnerabilities. These updates address a vulnerability that could
cause the application to crash and potentially allow an attacker to take
control of the affected system.

Flash Player Update Instructions

Flash Player for Windows, Macintosh and Linux

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Adobe AIR 3.5.0.880 and earlier versions for Windows, Adobe AIR
3.5.0.890 and earlier versions for Macintosh and Adobe AIR
3.5.0.880 for Android. See Determine version | Adobe AIR runtime.

Beginning with Adobe Flash Version 11.3, the universal 32-bit
installer will include the 32-bit and 64-bit versions of the Flash
Player.

If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box. It is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Adobe released security updates for Adobe Reader and Acrobat XI
(11.0.0) and earlier versions for Windows and Macintosh. Also released were security updates for Adobe
Reader 9.5.1 and earlier 9.x versions for Linux.

These updates address
critical vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.

*If you have problems with .NET Framework updates, it is recommended that you install this update separately with an shutdown/restart.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Friday, January 04, 2013

I confess thousands have requested a WinPatrol feature that I never added until this week when @SecurityGarden asked for it. :)

Yes, WinPatrol now has a minimize option. Although it is certainly easy enough to click on another program to change focus, too often when helping people with WinPatrol, I caught myself closing WinPatrol Explorer, only having to relaunch it again. I asked Bill if he would consider adding a minimize button. As shown in the above screen clip,
Bill came through. Thank you, Bill.

Bug fixes include the" First Detected" Date for Active Tasks
and when hiding the Scotty System Tray icon.

Additional new features include the following:

Delayed Start List Option:

"Run As Adminstrator" for any programs launched by WinPatrol in Delayed Start list.

Restart Windows 8 to Advanced Repair/Restore mode:

Note: This feature is only available with WinPatrol PLUS.

Right-click on any file with WinPatrol and
select "Restart Windows for Repair in Safe Mode."

Although the latest version update includes Windows 8 features,
WinPatrol runs on Windows XP, Vista and Windows 7, Windows 8 including
x64 versions.

Go here for additional information about the update and to download WinPatrol.

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...

TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was used to issue a fraudulent digital certificate to *.google.com.

Actions:

Windows Vista and newer:

With up-to-date security updates, your computer was protected with the installation of Microsoft Knowledge Base Article 2677070, released on June 12, 2012.

The update provides an automatic updater feature which includes a mechanism that allows
Windows to specifically flag certificates as untrusted. With this feature, Windows checks daily for updated information about
certificates that are no longer trustworthy. In the past, movement of
certificates to the untrusted store required a manual update.

If you have not installed KB 2677070, it is strongly advised that you do so as soon as possible.

Windows XP and Windows Server 2003:

Because the automatic updater feature is not applicable to Windows XP and Windows Server 2003, it is necessary for users of these systems to manually check for updates.

Two bulletins are identified as Critical and address vulnerabilities in Microsoft Windows, Office, Developer Tools and Microsoft Server Software. The five remaining bulletins are rated Important and will address issues in Microsoft Windows, .NET Framework and Microsoft Server Software.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Tuesday, January 01, 2013

How well I remember the January 2006 e-mail congratulating me on being presented with the Microsoft® MVP Award. I knew that I had been nominated but, at the time, had no idea how the award cycle worked so the award came as a complete shock.

Recalling that first award, it arrived following a particularly difficult time in "real life", resulting in a sort of personal renewal to dig in and continue with renewed enthusiasm.

Once again, I have been faced with a troublesome time -- this an event that had a profound effect on our local community, the Christmas Eve shooting of four
volunteer firefighters from the neighboring West Webster Fire District (#WWFD) when volunteer firefighters Mike (Chip) Chiapperini and Tomasz Kaczowka lost their
lives and Theodore Scardino and Joseph Hofstetter were seriously injured.

Since the Christmas Eve tragedy, one thing aside from the coming together of the "Brotherhood" that stood out was the support of people not only in the local community but also across the U.S. and Canada. There was a resounding repetition locally and throughout the U.S. and Canada of unselfish occurrences of "Pay it forward" as people attempted to demonstrate appreciation to local and visiting firefighters, first responders, police and others in public service. Hundreds upon hundreds of people volunteered their time to the community during this trying time.

What I continued to reflect on as the end of 2012 approached was not only those who volunteer in our community but also how many people volunteer time and expertise to help others in both life-threatening situations and in every day life. I couldn't help but feel that I wasn't doing my part.

When I received the e-mail this morning recognizing my volunteer efforts in Consumer Security, helping people with infected computers, it slowly dawned on me. Perhaps I am doing some good, freely helping others.

Although I don't put my life on the line, it is an incredible honor that my volunteer contributions have again been recognized by Microsoft® with the award as 2013 Microsoft MVP:

"Dear Corrine Chorney,

Congratulations! We are pleased to present you with the 2013 Microsoft®
MVP Award! This award is given to exceptional technical community
leaders who actively share their high quality, real world expertise with
others. We appreciate your outstanding contributions in Consumer
Security technical communities during the past year."

Let the heroes of West Webster and around the world, the "random acts of kindness" serve as inspiration and challenge to you to Pay it Forward in 2013, volunteering or helping others in some small way.

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...